From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: [PATCH net] netlink: extack needs to be reset each time through loop Date: Wed, 10 Jan 2018 13:00:39 -0800 Message-ID: <20180110210039.4763-1-dsahern@gmail.com> Cc: David Ahern To: netdev@vger.kernel.org, johannes.berg@intel.com Return-path: Received: from mail-pg0-f65.google.com ([74.125.83.65]:40534 "EHLO mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751366AbeAJVAq (ORCPT ); Wed, 10 Jan 2018 16:00:46 -0500 Received: by mail-pg0-f65.google.com with SMTP id q12so471637pgt.7 for ; Wed, 10 Jan 2018 13:00:45 -0800 (PST) Sender: netdev-owner@vger.kernel.org List-ID: syzbot triggered the WARN_ON in netlink_ack testing the bad_attr value. The problem is that netlink_rcv_skb loops over the skb repeatedly invoking the callback and without resetting the extack leaving potentially stale data. Initializing each time through avoids the WARN_ON. Fixes: 2d4bc93368f5a ("netlink: extended ACK reporting") Reported-by: syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com Signed-off-by: David Ahern --- net/netlink/af_netlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 972bfe113043..ee8252d7b3d4 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -2417,7 +2417,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, struct nlmsghdr *, struct netlink_ext_ack *)) { - struct netlink_ext_ack extack = {}; + struct netlink_ext_ack extack; struct nlmsghdr *nlh; int err; @@ -2438,6 +2438,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, if (nlh->nlmsg_type < NLMSG_MIN_TYPE) goto ack; + memset(&extack, 0, sizeof(extack)); err = cb(skb, nlh, &extack); if (err == -EINTR) goto skip; -- 2.11.0